When creating an api key does run-as override the other settings?

I created an API key and left the other settings apart from run-as as default (i.e. wide open) and set run as to a user with a role that has the desired priviliges.

Will this key have the restriction of the assigned role?

I would hope yes! : )

Did you create the API key with something like the following

POST _security/api_key
  "name": "k1",
  "role_descriptors": {
    "x": {
      "run_as": [

If yes, the API key will only have the privilege to run-as user foo and nothing else.


Ah! I should have been more explicit. I generated the key in kibana. So should cut everything except the run-as entry?

My reasoning was that if the key ran as a particular user then that would define the actual access.

That's correct

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.